5 matches found
CVE-2023-37250
Unity Parsec has a TOCTOU race condition that permits local attackers to escalate privileges to SYSTEM if Parsec was installed in "Per User" mode. The application intentionally launches DLLs from a user-owned directory but intended to always perform integrity verification of those DLLs. This...
CVE-2023-37250
Unity Parsec has a TOCTOU race condition that permits local attackers to escalate privileges to SYSTEM if Parsec was installed in "Per User" mode. The application intentionally launches DLLs from a user-owned directory but intended to always perform integrity verification of those DLLs. This...
CVE-2023-37250
Unity Parsec includes a TOCTOU race condition that allows a local attacker to escalate to SYSTEM when installed in per-user mode. The issue arises from loading DLLs from a user-owned directory without guaranteed integrity verification. Affected: Parsec Loader up to version 8; Parsec Loader 9 fixe...
CVE-2023-37250
Unity Parsec has a TOCTOU race condition that permits local attackers to escalate privileges to SYSTEM if Parsec was installed in "Per User" mode. The application intentionally launches DLLs from a user-owned directory but intended to always perform integrity verification of those DLLs. This...
Parsec Remote Desktop App is prone to a local elevation of privilege due to a logical flaw in its code integrity verification process
Overview Parsec updater for Windows was prone to a local privilege escalation vulnerability, this vulnerability allowed a local user with Parsec access to gain NTAUTHORITY/SYSTEM privileges. Description The vulnerability is a time-of-check time–of-use TOCTOU vulnerability. There existed a small...